Problem
Automation and bot workflow phases were deferred. Repository-level policy operations remain mostly manual.
Intent
Move contract and pin-governance checks from mostly local/manual operation to repeatable CI policy workers.
Scope
- Add PR workflow gates for contract and policy checks.
- Add scheduled workflow for pin lifecycle visibility.
- Optionally add bot-assisted pin update proposal workflow.
Non-goals
- No broad platform automation beyond this repository.
- No runtime control-plane behavior in this issue.
Tasks
- Add `.github/workflows` PR gate for `nix flake check path:. --no-write-lock-file`.
- Add scheduled pin lifecycle workflow based on existing scripts/checks.
- Define workflow output artifacts and failure policy.
Acceptance criteria
- PRs are blocked when contract/policy checks fail.
- Scheduled workflow emits actionable pin lifecycle output.
- Workflow behavior is documented for maintainers.
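
One possible shape for the PR gate task, as an added example that is not this repository's own workflow. The file name, job name and action version tags are assumptions; only the `nix flake check` command comes from the issue.

```yaml
# .github/workflows/policy-gate.yml  (hypothetical file name)
# Added example: PR gate that runs the contract/policy checks named in the issue.
name: policy-gate

on:
  # pull_request (not pull_request_target): PRs from forks run with a
  # read-only token and no repository secrets.
  pull_request:

# Least privilege: the gate only needs to read the repository.
permissions:
  contents: read

# Cancel superseded runs of the same PR.
concurrency:
  group: policy-gate-${{ github.ref }}
  cancel-in-progress: true

jobs:
  flake-check:            # hypothetical job name; this is the status check to require
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      # Version tags below are assumptions; pin each action to a reviewed
      # commit SHA in a real workflow.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config
      - uses: cachix/install-nix-action@v27
        with:
          extra_nix_config: |
            experimental-features = nix-command flakes
      - name: Contract and policy checks
        # --no-write-lock-file: the gate must not modify flake.lock pins.
        run: nix flake check path:. --no-write-lock-file
```

A failing job only blocks merging once `flake-check` is marked as a required status check in the branch protection rule (or ruleset) for the target branch.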